#!/usr/bin/env python3
# -*- coding: utf-8 -*-

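# Signature table for exposed-file / exposed-service checks.
#
# Each rule is a dict. Keys seen in this table:
#   path       - relative URL path (may include a query string) to request.
#   contains   - bytes pattern expected in the response body. The entries use
#                regex syntax (alternation, \s, anchors), so this is presumably
#                handed to `re` by the consumer -- TODO confirm against the caller.
#   vulmsg     - human-readable finding text reported on a match.
#   phpinfo    - True on the phpinfo() rules; presumably enables extra parsing
#                of the page by the consumer -- verify against the caller.
#   skipwaf    - True on several VCS/dotfile rules; meaning is defined by the
#                consumer, not visible here.
#   state_code - expected HTTP status for the rule.
#                NOTE(review): the type is inconsistent (401 and 200 as int,
#                "2" and "200" as str). Values are kept as-is because the
#                consumer's comparison logic is not visible; normalise once
#                that is confirmed.
#   level, max_dir - tuning values interpreted by the consumer.
#
# Requiring a body signature, not just the status code, keeps soft-404 pages
# and catch-all routes from producing false positives.

# Shared body signature and message for every phpinfo() rule.
# NOTE(review): "()" is an empty regex group, so "<title>phpinfo()" matches
# "<title>phpinfo" with or without the parentheses.
_PHPINFO_SIGNATURE = b"PHP Extension|<title>phpinfo()|php_version"
_PHPINFO_MSG = "phpinfo() file leak . can leak some php version and abs path and sensitive message."

# Stock Tomcat XML config files open with the XML prolog and the ASF licence header.
_APACHE_XML_SIGNATURE = b"^<\\?xml version.*?Licensed to the Apache Software Foundation"

# Headings printed by the APCu status page.
_APCU_SIGNATURE = b"(APCu Version Information)|(General Cache Information)|(Detailed Memory Usage and Fragmentation)"

rules = [
    ## PHPINFO
    {"path": "phpinfo.php", "contains": _PHPINFO_SIGNATURE, "vulmsg": _PHPINFO_MSG, "phpinfo": True},
    {"path": "pi.php", "contains": _PHPINFO_SIGNATURE, "vulmsg": _PHPINFO_MSG, "phpinfo": True},
    {"path": "temp.php", "contains": _PHPINFO_SIGNATURE, "vulmsg": _PHPINFO_MSG, "phpinfo": True},
    {"path": "info.php", "contains": _PHPINFO_SIGNATURE, "vulmsg": _PHPINFO_MSG, "phpinfo": True},
    {"path": "test.php", "contains": _PHPINFO_SIGNATURE, "vulmsg": _PHPINFO_MSG, "phpinfo": True},
    {"path": "php.php", "contains": _PHPINFO_SIGNATURE, "vulmsg": _PHPINFO_MSG, "phpinfo": True},
    {"path": "phpversion.php", "contains": _PHPINFO_SIGNATURE, "vulmsg": _PHPINFO_MSG, "phpinfo": True},
    ## OTHERS
    # Version-control metadata left inside the web root.
    {"path": ".svn/all-wcprops", "contains": b"svn:wc:ra_dav:version-url", "vulmsg": ".svn leak", "skipwaf": True},
    {"path": ".svn/entries", "contains": b"\\s+dir\\s*\\d+\\s*", "vulmsg": ".svn leak", "skipwaf": True},
    {"path": "manager/html", "contains": b"conf/tomcat-users.xml", "vulmsg": "tomcat manager leak", "state_code": 401},
    {"path": ".git/config", "contains": b"repositoryformatversion[\\s\\S]*", "vulmsg": ".git leak", "skipwaf": True},
    # Message previously read ".brz leak"; the directory is ".bzr".
    {"path": ".bzr/README", "contains": b"This is a Bazaar[\\s\\S]", "vulmsg": ".bzr leak", "skipwaf": True},
    # Message previously read "csv leak"; this rule detects CVS metadata.
    {"path": "CVS/Root", "contains": b":pserver:[\\s\\S]*?:[\\s\\S]*", "vulmsg": "CVS leak"},
    {"path": ".hg/requires", "contains": b"^revlogv1.*", "vulmsg": ".hg leak", "skipwaf": True},
    # b"Bud1" is the magic string found in .DS_Store files.
    {"path": ".DS_Store", "contains": b"\x42\x75\x64\x31", "vulmsg": ".DS_Store file leak . can leak some directory tree.", "skipwaf": True},
    {"path": ".idea/workspace.xml", "contains": b'<project version="\\w+">', "vulmsg": "JetBrans .idea leak", "skipwaf": True},
    {"path": ".htaccess", "contains": b'(RewriteEngine|RewriteCond|RewriteRule|AuthType|AuthName|AuthUserFile|ErrorDocument|deny from|AddType|AddHandler|IndexIgnore|ContentDigest|AddOutputFilterByType|php_flag|php_value)\\s', "vulmsg": ".htaccess leak", "state_code": "2", "skipwaf": True},
    # Deployment-client config files; a match means stored credentials are
    # readable and should be rotated after the file is removed.
    {"path": "sftp-config.json", "contains": b'("type":[\\s\\S]*?"host":[\\s\\S]*?"user":[\\s\\S]*?"password":[\\s\\S]*")', "vulmsg": "sftp-config  leak"},
    {"path": "recentservers.xml", "contains": b'filezilla', "vulmsg": "filezilla config  leak"},
    {"path": "swagger-ui.html", "contains": b'<title>Swagger UI</title>', "vulmsg": "api leak"},
    # Disabled rule:
    # {"path": "crossdomain.xml", "contains": b'<\?xml ', "vulmsg": "crossdomain.xml leak","level":0},
    {"path": "console/login/LoginForm.jsp", "contains": b"Oracle WebLogic Server", "vulmsg": "you can access /console to brute user password", "level": 1},
    # Tomcat configuration files served as static content.
    # A second, identical conf/context.xml rule was dropped: it only repeated
    # the same request and reported the same finding twice.
    {"path": "conf/context.xml", "contains": _APACHE_XML_SIGNATURE, "vulmsg": "context.xml leak"},
    {"path": "conf/web.xml", "contains": _APACHE_XML_SIGNATURE, "vulmsg": "web.xml leak"},
    {"path": "manager/status.xsd", "contains": _APACHE_XML_SIGNATURE, "vulmsg": "status.xsd leak"},
    {"path": "conf/server.xml", "contains": _APACHE_XML_SIGNATURE, "vulmsg": "server.xml leak"},
    # Message previously said "context.xml leak" (copy-paste from the rule above).
    {"path": "conf/logging.properties", "contains": b"org.apache.catalina", "vulmsg": "logging.properties leak"},
    {"path": "conf/tomcat-users.xml", "contains": _APACHE_XML_SIGNATURE, "vulmsg": "tomcat-users.xml leak"},
    # Status, debug and product-detection pages.
    {"path": "apc/apc.php", "contains": _APCU_SIGNATURE, "vulmsg": "APCu service information leakage", "max_dir": 3},
    {"path": "apc.php", "contains": _APCU_SIGNATURE, "vulmsg": "APCu service information leakage", "max_dir": 3},
    {"path": "cgi-bin/test/test.cgi", "contains": b"HTTP_ACCEPT.*?HTTP_ACCEPT_ENCODING", "vulmsg": "CGI Test page", "max_dir": 3},
    {"path": "debug/pprof/", "contains": b"Types of profiles available", "vulmsg": "pprof debug file", "max_dir": 3},
    # Message previously said "pprof debug file" (copy-paste from the rule above).
    {"path": "install.php?profile=default", "contains": b"<title>Choose language \\| Drupal</title>", "vulmsg": "Drupal install page exposed", "max_dir": 3},
    {"path": "Reports/Pages/Folder.aspx", "contains": b"Report Manager", "vulmsg": "Detect Microsoft SQL Server Reporting", "max_dir": 3},
    {"path": "console", "contains": b"<h1>Interactive Console</h1>", "vulmsg": "Werkzeug debugger console", "max_dir": 3},
    {"path": "irj/portal", "contains": b"NetWeaver", "vulmsg": "SAP NetWeaver Detect", "max_dir": 3},
    {"path": "%c0", "contains": b"InvalidURI|InvalidArgument|NoSuchBucket", "vulmsg": "Detect Amazon-S3 Bucket", "max_dir": 3},
    {"path": "secure/Dashboard.jspa", "contains": b"Project Management Software", "vulmsg": "Detect Jira Issue Management Software", "max_dir": 3},
    {"path": "jira/secure/Dashboard.jspa", "contains": b"Project Management Software", "vulmsg": "Detect Jira Issue Management Software", "max_dir": 3},
    # "\[" in a non-raw bytes literal is an invalid escape sequence (a
    # DeprecationWarning, and a SyntaxWarning on newer Pythons); "\\[" yields
    # the same two bytes without the warning.
    {"path": "settings.py", "contains": b"\\sTEMPLATES\\s?=\\s?\\[", "vulmsg": "django settings.py leak", "max_dir": 3},
    {"path": "vpn/index.html", "contains": b"<title>Citrix Gateway</title>", "vulmsg": "Citrix VPN Detection", "max_dir": 3},
    # Disabled rule:
    # {"path": "crossdomain.xml", "contains": b"allow-access-from domain=\"*\"", "vulmsg": "Basic CORS misconfiguration exploitable with Flash", "max_dir": 3},
    {"path": "?phpinfo=-1", "contains": b'xdebug.remote_connect_back</td><td class="v">On</td><td class="v">On</td>', "vulmsg": "WAMP xdebug", "max_dir": 3},
    {"path": "?pp=env", "contains": b'Rack Environment', "vulmsg": "rack-mini-profiler environmnet information discloure", "max_dir": 3, "state_code": 200},
    {"path": "secure/popups/UserPickerBrowser.jspa", "contains": b'user-picker', "vulmsg": "Jira Unauthenticated User Picker", "max_dir": 3},
    {"path": "secure/ManageFilters.jspa?filter=popular&filterView=popular", "contains": b'filterlink_', "vulmsg": "Jira Unauthenticated Popular Filters", "max_dir": 3},
    # Message previously said "Jira Unauthenticated Popular Filters" (copy-paste
    # from the rule above); this path is the AEM Dispatcher invalidation endpoint.
    {"path": "dispatcher/invalidate.cache", "contains": b'<H1>OK</H1>', "vulmsg": "AEM Dispatcher cache invalidation endpoint exposed", "max_dir": 3, "state_code": "200"},
]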